Demystifying Wireless LAN: Configuration, standards and security

By Muhammad Farqan

Wired local-area networks (LANs) have been the foundation of enterprise networks for years. They still are today. However, wireless local-area networks (WLANs) have strongly emerged as the means to extend the wired network to mobile devices. If you have been into networking, you very likely have set up a wireless local-area network at home or work.

In order to set up a functional wireless network, usually minimal configuration is needed. Many of the details of wireless theory get overlooked due to this ease of configuration in smaller deployments. The details are important for more complex enterprise deployments and also for several Cisco certifications.

In this article, we will introduce you to the most important WLAN terms and concepts. You are sure to have a much better understanding of wireless networks by the time you finish reading this article. Please fasten your seat belts now.

For most companies, WLANs started out as a convenient way to let guests have an Internet connection while doing business on site. But that was the past. The perception was that wired networks were faster and more secure than WLANs. But continual improvements to WLAN standards and technologies have largely erased those concerns.

Now, WLANs have become a critical resource for employees as well as guests. In addition to laptops, devices such as smartphones and tablets are being increasingly used to read emails, manage contacts, and carry documents. Bring-your-own-device (BYOD) is not just a hot buzzword any more. It is a real trend now. The bottom line is that everyone wants the ability to be productive whether in the office, at home, or in another country—and they want to be able to do it using their own devices.

Wireless Transmission

Wireless LANs use radio waves to send and receive data at Layer 1 of the OSI reference model. Wireless network-interface cards, access points, and other WLAN devices use a built-in radio transceiver (transmitter + receiver) and antenna to transmit and receive data encoded in radio waves. The wireless medium is inherently different from copper or optical media. However, the basic idea of encoding data by modifying the signal is the same. While wired LANs use electrical signals over copper wires or light over optical cables, WLANs use radio waves that flow through the surrounding air.

Many electronic devices produce radio waves at varying frequencies, some related to the device’s purpose such as WLAN NICs, cordless phones, and wireless cameras. In other cases the radio wave emission is an undesirable side effect. For example, televisions and kitchen appliances radiate some energy. Energy radiated by one device can interfere with other devices operating at the same range of radio frequencies.

Wireless LANs also suffer from radio interference from other wireless devices. In addition, wireless LAN transmission is affected by physical surroundings. Wireless energy is generated by the antennas of wireless devices and radiates outward in all directions. As it encounters a physical object like a metal cabinet, wall, floor, or ceiling, part of it gets reflected, scattered, and absorbed while part of it passes through the obstacle. All these factors are taken into account when designing wireless LANs as they directly affect the range of effective wireless transmission.

Comparing Wireless and Wired LANs

At the most basic level, switched networks use wires for connections, and wireless networks don’t. A traditional Ethernet network is defined by the IEEE 802.3 standards, while wireless LANs are defined by the IEEE 802.11 standards. Even though wireless LANs are also based on standards, the wireless medium itself is more challenging to control.

When a PC attaches to a wired Ethernet network, it shares that network connection with a known number of other devices that are also connected to the same segment. When the same PC uses a wireless network, it does so over the air. No wires or outlets exist at the access layer, and other end users are free to use the same air.

The wireless LAN essentially becomes a shared network, where a varying number of hosts compete with each other for the use of air at any time. As a result, every wireless connection is in half-duplex mode and collisions are a part of daily life in wireless LANs. IEEE 802.11 WLANs are always half-duplex because transmitting and receiving stations use the same frequency. Only one station can transmit at any time; otherwise, collisions occur.

To achieve full-duplex operation, all transmitting would have to take place at one frequency, and all receiving would occur over a different frequency, much like full-duplex Ethernet links work, where a separate pair of wires is used to transmit and receive. Although it is certainly possible and practical to achieve full-duplex communication with WLANs, the IEEE 802.11 standards do not permit full-duplex operation.

How to Avoid Collisions in a WLAN

When two or more wireless stations attempt to transmit at the same time, their signals become mixed with each other. Receiving stations can receive the mixed signal but see the result only as garbled data, noise, or errors.

As a matter of fact, no straightforward method exists to determine whether a collision has occurred. There exists a basic feedback mechanism to alleviate these situations with wireless LANs. Whenever a wireless station transmits a frame, the receiving stations must send back an acknowledgement to confirm that the frame was received without any errors.

These acknowledgement frames serve as a basic collision detection tool and are specific to wireless LANs only; there is no such mechanism for wired Ethernet LANs. However, these acknowledgements do not work to prevent collisions from occurring in the first place.

The IEEE 802.11 standards use the carrier sense multiple access/collision avoidance (CSMA/CA) method as compared to the carrier sense multiple access/collision detection (CSMA/CD) method used by wired IEEE 802.3 networks. In Ethernet LANs built with a hub, the whole network is a single collision domain, which means only one device can transmit at one point in time.

The CSMA/CD mechanism in wired LANs dictates that a station wanting to transmit must first check if another station is already transmitting. It can start its own transmission only if no other station is currently transmitting. Wireless LANs are analogous to wired LANs in this regard. A wireless station must also check to see if another device is already transmitting on the wireless medium. It can start its own wireless transmission only if no other device is already transmitting and the wireless medium is free to be used. Collision avoidance works by requiring all wireless stations to listen before they transmit a frame.
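The listen-before-transmit rule and the acknowledgement feedback described above can be seen in a small simulation. This is an added example, not code from the original article; the slotted time model and the random wait window `cw` (802.11's backoff counter, which the article does not describe) are simplifying assumptions.

```python
import random

def simulate(n_stations, frames_each, cw=16, seed=1):
    """Return (delivered, collisions, slots) for a slotted shared channel."""
    rng = random.Random(seed)
    pending = [frames_each] * n_stations          # frames each station still has to send
    backoff = [rng.randrange(cw) for _ in range(n_stations)]
    delivered = collisions = slots = 0
    while any(pending):
        slots += 1
        active = [i for i in range(n_stations) if pending[i]]
        senders = [i for i in active if backoff[i] == 0]
        if not senders:
            for i in active:                      # medium idle: keep counting down
                backoff[i] -= 1
            continue
        if len(senders) == 1:                     # frame arrives, receiver returns an ACK
            pending[senders[0]] -= 1
            delivered += 1
        else:                                     # frames overlap, so no ACK comes back
            collisions += 1                       # the senders must retransmit later
        for i in senders:                         # every sender draws a fresh wait
            backoff[i] = rng.randrange(cw)
        # Stations that were not sending heard a busy medium: their counters stay frozen.
    return delivered, collisions, slots

if __name__ == "__main__":
    for n in (1, 5, 20):
        print(n, "stations:", simulate(n, 20))
```

A single station never collides; as more stations share the same air, the collision count grows even though every station listens first.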

Wireless Access Point (AP)

The primary function of an access point (AP) is to act as a bridge between the wireless medium and the normal wired network. An access point can accept wireless connections from a number of wireless clients and it offers them connectivity to the wired LAN, as if the same clients were using wired connections. An AP is much like a translational bridge, where frames from two dissimilar media are translated and then bridged at Layer 2.

An AP can also act as a bridge to form a single wireless link to another AP connecting one LAN to another. Cisco even offers an AP that can bridge WLAN traffic from AP to AP in a daisy-chain manner. This allows a large outdoor area to be covered with a WLAN without the need to run cables at all.

Access points act as central points to control client access to the WLAN. Any client attempting to use the WLAN must first establish an association with an AP. The AP can allow open access so that any client can associate, or it can tighten control by requiring authentication credentials or other criteria before allowing associations.

An AP can provide wireless connectivity only to the clients within its range. The AP location must be carefully planned so that its range matches up with the area in which WLAN coverage is desired. The signal of a wireless router or access point typically extends up to approximately 300 feet. If there is more than one access point in your wireless LAN, wireless client devices can roam from one access point to another without losing connectivity.

Figure 1 Wireless LAN

 

Service Set Identifier (SSID)

In IEEE 802.11 terminology, a group of wireless devices, typically consisting of an AP and wireless clients, is known as a service set. The devices in a service set must share a common service set identifier (SSID), which is nothing more than a text string included in every wireless frame sent and received. For two wireless devices to communicate successfully, the SSIDs must match across the sender and receiver.

Beacons

Beacons are special frames in IEEE 802.11 WLANs that contain all the information about the network and are transmitted every 100 ms by default. Access points have the responsibility of periodically sending beacons. Each beacon received by a wireless station identifies the presence of an AP. By default, wireless network-interface cards (NICs) passively scan all radio frequency (RF) channels and listen for beacons coming from access points in order to find a suitable access point. When a beacon is found, the wireless NIC learns a great deal of information such as SSID, supported data rates, and several other parameters. The network name or SSID can also be hidden by not broadcasting it publicly in beacons. It is called cloaking and it serves as a weak security measure.

Wireless LAN Standards

IEEE 802.11 is a set of wireless LAN standards developed and maintained by the Institute of Electrical and Electronics Engineers (IEEE). The base version of IEEE 802.11 was released in 1997 and has undergone several revisions, the most important being 802.11a, 802.11b, 802.11g, and 802.11n. The following table offers a quick glimpse of various features of these standards.

Table 11-3 WLAN Standards

|                 | 802.11a | 802.11b  | 802.11g      | 802.11n           |
|-----------------|---------|----------|--------------|-------------------|
| Year            | 1999    | 1999     | 2003         | 2008              |
| Data Rate       | 54 Mbps | 11 Mbps  | 54 Mbps      | 248 Mbps*         |
| Throughput      | 23 Mbps | 4.3 Mbps | 19 Mbps      | 74 Mbps           |
| Frequency       | 5 GHz   | 2.4 GHz  | 2.4 GHz      | 2.4 and/or 5 GHz  |
| Compatibility   | None    | 802.11g  | With 802.11b | 802.11a, b, and g |
| Range (meters)  | 35-120  | 38-140   | 38-140       | 70-250            |
| No. of Channels | 3       | Up to 23 | 3            | 14                |
| Transmission    | OFDM    | DSSS     | DSSS/OFDM    | MIMO              |

* With 2×2 antennas

Wireless LAN Security

Most vendors ship wireless products with all security features disabled, that is, with an open access policy. An open access policy is only suitable for public locations such as cafes, but it is definitely not appropriate for company networks with mission-critical data circulating on the wireless medium. Wireless security features must be enabled to protect networks from unauthorized access and other threats.

Security concerns have caused many organizations to avoid WLAN network deployments, regardless of the numerous benefits they provide. Securing a WLAN is not difficult, but proper security solutions have to be selected and applied.

Here is a list of features and technologies available to secure wireless networks:

Service Set Identifier (SSID)

Service set identifier (SSID) is an arbitrary text string or a name for a WLAN that provides a basic access control mechanism. Normally, wireless APs broadcast their SSID so that wireless clients can learn about their presence and use the SSID to connect. But this SSID broadcast can be disabled on the AP if SSID is to be used as a basic security measure. This basic wireless security measure, achieved by hiding the network name or SSID from being broadcast publicly, is called cloaking. The network administrator can provide the SSID information to authorized wireless users to allow connection to the AP.

MAC Address Authentication

Another common WLAN security feature is the use of MAC address authentication. MAC authentication allows network access only to known MAC addresses. MAC authentication is very simple in concept and is equally simple to configure. MAC authentication is not specified in the IEEE 802.11 standards, but most vendors of wireless equipment, including Cisco, support this feature.

Wired Equivalent Privacy (WEP)

Wired equivalent privacy (WEP) was part of the original IEEE 802.11 standard in 1997, providing authentication and encryption services. A static pre-shared key (PSK) composed of only 64 bits had to be statically configured on the AP and all wireless clients that need to associate with that AP. The short key values made it possible to predict the key, based on frames sniffed from the WLAN. Now, it is an established fact that WEP provides only weak authentication and encryption that can be cracked using easily available tools. Because of this and the fact that later standards provide much better security, WEP should not be used today.

Wi-Fi Protected Access (WPA)

In view of the vulnerabilities in WEP, the Wi-Fi Alliance stepped forward and created a multivendor WLAN security standard. This new standard was called Wi-Fi Protected Access (WPA) and it greatly improved WLAN security compared to WEP. At that time, IEEE was also working on the 802.11i security standard but it was not final when WPA became available.

WPA2 / IEEE 802.11i

The IEEE 802.11i standard, eventually introduced in 2005, includes the advanced encryption standard (AES), which is a major improvement over the WPA standard. AES provides even stronger encryption with longer keys and more secure encryption algorithms. The Wi-Fi Alliance provides product certification services for 802.11i but likes to call it WPA2 instead of IEEE 802.11i, meaning the second version of WPA.
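The Beacons section and the security list above meet in the beacon frame itself, which advertises the SSID (or a cloaked one), the beacon interval, the supported rates and the protection mode in use. The following parser is an added example, not code from the original article; `audit_beacon`, `make_beacon` and the sample frames are constructed for illustration, and the classification uses the standard 802.11 Privacy capability bit, the RSN element (ID 48) and the WPA vendor element.

```python
import struct
PRIVACY = 0x0010                      # capability bit: encryption required
WPA_OUI_TYPE = b"\x00\x50\xf2\x01"    # vendor element (ID 221) used by WPA

def elements(buf):
    """Yield (id, data) for each tagged element; stop at a truncated one."""
    i = 0
    while i + 2 <= len(buf):
        eid, length = buf[i], buf[i + 1]
        data = buf[i + 2:i + 2 + length]
        if len(data) < length:
            break
        yield eid, data
        i += 2 + length

def audit_beacon(body):
    """Parse a beacon frame body (the bytes after the 24-byte MAC header)."""
    if len(body) < 12:
        raise ValueError("beacon body shorter than its fixed fields")
    _ts, interval_tu, cap = struct.unpack_from("<QHH", body)
    ssid, rates, rsn, wpa = None, [], False, False
    for eid, data in elements(body[12:]):
        if eid == 0:                                  # SSID
            ssid = data
        elif eid == 1:                                # supported rates
            rates = [(b & 0x7F) * 0.5 for b in data]  # 500 kbps units
        elif eid == 48:                               # RSN = 802.11i / WPA2
            rsn = True
        elif eid == 221 and data.startswith(WPA_OUI_TYPE):
            wpa = True
    cloaked = ssid is None or not ssid.strip(b"\x00")  # empty or all-zero name
    security = ("WPA2" if rsn else "WPA" if wpa
                else "WEP" if cap & PRIVACY else "open")
    return {"ssid": None if cloaked else ssid.decode("utf-8", "replace"),
            "cloaked": cloaked, "interval_tu": interval_tu,  # 1 TU = 1024 us
            "rates_mbps": rates, "security": security,
            "flag": security in ("open", "WEP")}  # not fit for a company WLAN

def make_beacon(ssid, cap, extra=b""):
    """Constructed sample body: interval 100 TU, rates 1/2/5.5/11 Mbps."""
    rates = bytes([0x82, 0x84, 0x8B, 0x96])
    return (struct.pack("<QHH", 0, 100, cap) + bytes([0, len(ssid)]) + ssid
            + bytes([1, len(rates)]) + rates + extra)

RSN = bytes([48, 6, 1, 0, 0x00, 0x0F, 0xAC, 4])    # constructed RSN element
if __name__ == "__main__":
    for b in (make_beacon(b"guest", 0x0001), make_beacon(b"", 0x0011),
              make_beacon(b"corp", 0x0011, RSN)):
        print(audit_beacon(b))
```

A cloaked network still reports its interval, rates and protection mode, so hiding the name changes nothing about how the network is classified in a site audit.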
